Описание
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Ссылки
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.1 High
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
There is a vulnerability in all angular versions before 1.5.0-beta.0, ...
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
EPSS
7.1 High
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2